From owner-freebsd-ipfw@FreeBSD.ORG  Fri Jan  9 00:24:27 2004
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 17D2316A4CE
	for <freebsd-ipfw@freebsd.org>; Fri,  9 Jan 2004 00:24:27 -0800 (PST)
Received: from smart.eusc.inter.net (smart.eusc.inter.net [213.73.101.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4F64743D45
	for <freebsd-ipfw@freebsd.org>; Fri,  9 Jan 2004 00:24:26 -0800 (PST)
	(envelope-from msch@snafu.de)
Received: from mail.snafu.de ([10.12.0.4] helo=service.snafu.de)
	by smart.eusc.inter.net with smtp (Exim 3.36 #4)
	id 1AerwP-0005mN-00; Fri, 09 Jan 2004 09:24:25 +0100
To: Ganbold <ganbold@micom.mng.net>
From: msch@snafu.de
X-Sender: msch@snafu.de
Date: Fri, 9 Jan 2004 08:24:25 GMT
X-Mailer: Endymion MailMan Standard Edition v3.0.35
Message-Id: <E1AerwP-0005mN-00@smart.eusc.inter.net>
cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw on a bridge
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jan 2004 08:24:27 -0000

Hi, 
 
> I also have bridge ipfw2 on FreeBSD 5.2-current. 
> And following rule passes arp requests. 
>  
> # pass ARP 
> ${fwcmd} add 3000 allow layer2 mac-type arp 
 
This is exactly what doesn't work here :-( 
 
Would you tell me your related sysctl-values and kernel options? 
 
Mine here are: (/etc/sysctl.conf) 
 
net.link.ether.bridge_cfg=fxp0,fxp1 
net.link.ether.bridge_ipfw=1 
net.link.ether.bridge=1 
 
and: 
 
options         BRIDGE                  #bridge-ability 
options         IPFIREWALL              #firewall 
options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8) 
options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity 
 
Thanks so far - Matthias